Kernel.org Hacked but Development Continues on Github

September 7, 2011

By Sean Kerner

There are many components that make the Linux development model work. This past week, the Linux Planet was tested with a security breach of the kernel.org site that ended up proving the value of the distributed development model. It's a model that has come under attack from both a security and legal perspective over the years. Time and again, however, the Linux model has emerged victorious.

1. Kernel.org Attacked

The kernel.org site was revealed to have had a major security breach this past week. It's a breach that went unnoticed for 17 days before kernel.org maintainers were aware of it.

While the breach was and is a significant security event and one that should not have occurred, there is a silver lining in the story. Developers from Linus Torvalds on down the line have little to fear from the breach, thanks to the inherent security of the kernel development process.

While kernel.org hosts the main git repository for the mainline Linux kernel, it is a distributed development model. That means that there are many copies of a given tree on development machines (and mirror servers) around the world. Everything in the tree is identified by its SHA-1 cryptographic hash.

"Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily," Kernel.org stated in its disclosure about the attack.
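How that detection works, as an added example that is not part of the original article or kernel.org's own code: git names every file, directory and commit by a SHA-1 hash of its contents, and each commit embeds its parent's ID, so altering one old file changes every later commit ID. The file names, contents and developer identity below are constructed sample data, and the directory is kept flat (no subdirectories).

```python
import hashlib

def object_id(kind: str, body: bytes) -> bytes:
    """Git names an object by SHA-1 over '<kind> <size>' + NUL + body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).digest()

def tree_id(files: dict) -> bytes:
    """ID of a flat directory of regular files (name -> contents)."""
    body = b""
    for name in sorted(files, key=str.encode):  # git orders entries by raw bytes
        body += b"100644 " + name.encode() + b"\0" + object_id("blob", files[name])
    return object_id("tree", body)

def commit_id(tree: bytes, parent, message: str) -> bytes:
    """ID of a commit; the commit text embeds the tree ID and the parent ID."""
    who = "A Developer <dev@example.org> 1315353600 +0000"  # constructed identity
    lines = ["tree " + tree.hex()]
    if parent is not None:
        lines.append("parent " + parent.hex())
    lines += ["author " + who, "committer " + who, "", message, ""]
    return object_id("commit", "\n".join(lines).encode())

def tip_id(history: list) -> str:
    """Replay (files, message) snapshots and return the newest commit ID."""
    parent = None
    for files, message in history:
        parent = commit_id(tree_id(files), parent, message)
    return parent.hex()

def server_matches_clone(local_tip: str, served: list) -> bool:
    """True if the history the server offers hashes to the tip the clone trusts."""
    return tip_id(served) == local_tip

# Constructed sample: the history a developer pulled before the breach.
GENUINE = [
    ({"Makefile": b"VERSION = 3\n", "init.c": b"int start(void) { return 0; }\n"}, "import"),
    ({"Makefile": b"VERSION = 3.1\n", "init.c": b"int start(void) { return 0; }\n"}, "bump"),
]
# Constructed sample: the same history with one file altered in the FIRST snapshot.
TAMPERED = [
    ({"Makefile": b"VERSION = 3\n", "init.c": b"int start(void) { return 1; }\n"}, "import"),
    GENUINE[1],
]

if __name__ == "__main__":
    trusted = tip_id(GENUINE)
    print("genuine :", server_matches_clone(trusted, GENUINE))
    print("tampered:", server_matches_clone(trusted, TAMPERED))
```

The second snapshot is byte-for-byte identical in both histories, yet its commit ID still differs because the parent ID it embeds has changed.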

2. Kernel Development Moves to Github

As a consequence of the attack on Kernel.org, the site is being kept offline as developers run through their systems. While an attack on key infrastructure for some software development projects can lead to a slowdown (or even shutdown) in development, that's not happening with the Linux kernel.

Just a few short days after the kernel.org attack, Linus Torvalds announced the fifth release candidate for Linux 3.1. Seeing as kernel.org is down, Torvalds decided to move development to Github.

Torvalds said that once kernel.org is restored, the github account will simply become a mirror site. Torvalds also noted that he had considered skipping a week, but then thought better of it.

"Hey, the whole point (well, *one* of the points) of distributed development is that no single place is really any different from any other, so since I did a github account for my divelog thing, why not see how well it holds up to me just putting my whole kernel repo there too?," Torvalds wrote.

3. Red Hat Enterprise Linux 7

The next major version of Red Hat's flagship enterprise Linux release is not due until 2013. While 2013 might seem like a distant target, from a development perspective it's not all that far away.

That's why Red Hat announced this week a new effort to solicit feedback and ideas about what customers want to see in Red Hat Enterprise Linux 7 (RHEL). Talk about RHEL 7 comes less than a year after the last major RHEL release. RHEL 6 debuted in November 2010.

For Red Hat, the goal is to get more feedback earlier in the process, such that ideas can be baked in ahead of the first beta.

As an open source company, Red Hat begins most of its development in various open source projects and communities. The Fedora community Linux release is one such community. Before a technology lands in a RHEL release, it is typically already somewhat mature and has been tested in Fedora (and often elsewhere as well).

The big theme at this very early stage of RHEL 7 is around making it easier for users to manage and administer their system.

4. Ubuntu 11.10 Beta

While Red Hat is ramping up for a release in 2013, on the community front Canonical is ramping up for a release in October. Ubuntu Linux 11.10 hit its first beta release this past week, providing a preview of what's to come.

Ubuntu 11.10, codenamed "Oneiric Ocelot," improves on the Unity interface that Ubuntu debuted early this year with the 11.04 release. Among the biggest user-facing changes is the renaming of Places to something called 'Lenses.' The lenses idea is about providing a broader view of content that is available to a system.

On the server side, Ubuntu has a set of capabilities collectively known as 'Orchestra,' which enable provisioning, deployment and management of enterprise data. The release also marks the shift in the Ubuntu Enterprise Cloud to OpenStack from Eucalyptus as the default.

5. SCO Loses, Again

After all these years, SCO once again was in the headlines this past week.

This time, the scourge of Linux lost an appeal case on the Unix copyrights issue. SCO lost the original trial back in March 2010 and was seeking to overturn the verdict.

It's not immediately clear whether SCO will continue in its various legal claims. At this point, after multiple judgments against it, there is little, if any, ground for SCO to stand on.
